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Method and system for conditional access 
Field of the invention 

The present invention is related to a method and system for 
granting access to a system distributing different services 
5 over a distribution network, and in which a user terminal is 
used in order to decode theses services, in accordance with 
the preamble of claims 1 and 15, respectively. 

Background of the invention 

A user of a pay-TV system is equipped with a decoder that is 
10 connected between a TV tap and a. TV set at the user's 

premises. A main part in the system transmits encoded and 
uncoded signals that the decoder receives via the TV tap. The 
encoded and uncoded signals may represent analogue or 
digitally encoded and uncoded TV programmes/ channel s , and the 
15 decoder may then decrypt parts of or all of the encoded 

signals in dependence of the access rights of the user, and 
thereby the access rights of the decoder, i.e. which 
channels/programmes the user pays to gain access to. 

Recent systems are often digital, i.e. the system broadcasts 
20 digital signals that are decoded by a digital decoder. An 

advantage with digital systems versus analogue systems is that 
a considerably larger amount of data may be transmitted, and 
thereby a considerably larger number of TV channels. The 
larger capacity in the digital systems also enables space for 
25 other services, for example interactive services such as games 
and surfing the Internet, where a user via a return channel in 
the system may affect and interact with what is shown on the 
TV set. 

Common for both analogue and digital pay-TV systems is that a 
3 0 user has to authenticate himself to the system, and from the 
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system receive authorization information in order to gain 
access to the services. This authorization to the system is in 
the digital-TV systems of today performed by means of a so 
called CA card (Conditional Access), containing a user's 
identity and giving access to the program selection that the 
user has access to (has paid for) . The user inserts his CA- 
card into his decoder and may then start to use the decoder. 
Authorization information received by the decoder may include 
a key to a certain service that the user has ordered, and an 
indication of for example which channels the user has paid for 
and thus should have access to. If the authorization 
information indicates that the user has the right to watch a 
certain channel, the decoder decrypts this channel. The 
channels/services that are coded are decoded by the CA-card 
that opens precisely the channels and services that the user 
has ordered. 

The CA-card in itself is a so called smart card that the user 
receives from the service provider. The handling of these 
cards is very expensive and thus a great problem for a 
digital -TV operator. These costs may comprise the 
manufacturing and distribution of the cards, but also stock 
keeping, administrative handling etc. 

Thus there exist a need for an improved method for 
authorization of a user of a pay-TV system, in which the above 
mentioned costs relating to the handling of cards may be 
decreased. 

Summary of the invention 

It is an object of the present invention to provide a method 
for authorization of a user and to grant access to a system 
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for this user, in which method costly card handling is 
avoided. 

In accordance with the present invention this is achieved by 
introducing an extra data stream that conveys a virtual card 
to the user's terminal. This data stream, or the virtual card, 
comprises the same functions as the CA-cards of today, among 
other things a unique user identity. Thereby costly, physical 
CA-cards need not be used, but can be eliminated entirely. 

In accordance with a preferred embodiment the virtual card is 
stored in a memory in the decoding terminal of the user. 
Thereby a user terminal does not need to include a card 
reader, which gives a simplified and thereby less expensive 
terminal . 

In accordance with another preferred embodiment , the memory 
consists of a flash memory, which provides the advantage that 
the virtual card resides in the memory even when the user 
terminal is turned off. Downloading of the virtual card need 
thus not be repeated each time a user wishes to use his/her 
terminal . 

In accordance with still another preferred embodiment, the 
memory consists of a RAM memory, which provides a less 
expensive terminal since RAM memories generally are less 
expensive than for example flash memories. The disadvantage is 
however that the virtual card needs to be downloaded each time 
the terminal is turned on. 

In accordance with still another embodiment the downloading of 
the virtual card comprises means for a more secure transfer of 
the card. Thereby fraud by means of interception of the sent 
out virtual cards is made more difficult. 
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In accordance with a preferred embodiment the security measure 
comprises encrypting the data stream. This is well known way 
to make interception more difficult, and thus a number of 
different encryption algorithms may be chosen. 

5 In accordance with still another preferred embodiment the 

security measure consists in that the user has to enter a code 
to his user terminal before the card can be received, i.e. 
before the card can be decrypted. This is preferably used in 
combination with encryption and then gives a particularly 
10 secure transfer of virtual cards. 

In accordance with still another preferred embodiment, the 
system unit generating the virtual cards comprises a VCD 
injector (Virtual Conditional Access Download) , the main task 
of which is to generate these virtual cards. Thereby a system 
15 unit is provided that is easily adapted to a plurality of 
different systems . 

In accordance with another preferred embodiment the user 
terminal comprises a set-top-box. Such set-top-boxes already 
exist on the market today and may advantageously be used in 
2 0 the present invention. 

In accordance with another preferred embodiment the invention 
is applied in a digital TV network. Thereby a considerably 
improved method for authorization of users is provided, 
compared to methods used today in digital pay-TV network. 

25 In accordance with another preferred embodiment the user 
terminal comprises a unique identity, and the extra data 
stream includes this unique identity. Thereby the virtual card 
intended for a certain user terminal may only be downloaded to 
that user terminal . This provides a secure way to convey the 
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virtual card, and fraud by downloading to unauthorized user 
terminals is made more difficult or avoided entirely. 

The present invention also relates to such a system. 

Further advantages are accomplished in different aspects of 
5 the invention and will become apparent by the following 
detailed description. 

Brief description of the drawings 

Fig. 1 schematically shows the different parts of a 
conventional pay-TV system in accordance with the SimulCrypt 
10 architecture defined by DVB. 

Fig. 2 shows the present invention in a conventional pay-TV 



Fig. 3 shows how a virtual card in accordance with the present 
invention can be downloaded to a user. 

15 Detailed description of preferred embodiments 

The in the description used designation set-top-box (STB) 
refers to a terminal at a user's premises having a built-in 
decoder in order to decode incoming encrypted signals into a 
format suited for displaying on a TV-set. 

2 0 In order to explain the use of the present invention, relevant 
parts of an existing pay-TV system, in which the invention may 
be applied, is first described. Although the present invention 
will be described in connection with the SimulCrypt 
architecture, which is the architecture that CA- systems 

25 (Conditional Access) of today utilize, a person skilled in the 
art realises that the invention may be used in other systems 
as well. The SimulCrypt architecture comprises four 
constituent parts: Subscriber Authorisation System (SAS) 14, 



system. 
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EMM- injector 13 generating authorisation information, ECM- 
injector 11 generating control word messages, and finally a 
decoder module at a user's premises. These constituent parts 
will now be described briefly. 

5 Fig. 1 shows a conventional pay-TV system 1, in which a 

preferred embodiment of the present invention may be applied. 
The system 1 comprises a TV- set 2 and a set -top -box (STB) 3 
connected to the TV-set 2. Further, the STB 3 and/or the TV- 
set 2 is/are connected to a distribution network 4, which may 

10 consist of a terrestrial TV distribution network, a satellite 
TV distribution network or a cable TV network. The 
distribution network 4 is today often a digital distribution 
network, in which standards developed by DVB (Digital Video 
Broadcasting) are used for information transfer. The described 

15 system is . essentially a unidirectional system, in which there 
is no return channel on which a supplier can receive a 
verification from a client, and nor is there a way to verify 
that a receiver is an authorized receiver. An unidirectional 
distribution network lacks the possibility to a handshake 

2 0 procedure in the return channel. 

A multiplexer 5 is also connected to the distribution network 
5, combining the information 6, 7, 8, 9, 10 to be sent via the 
distribution network 4 and attends to that the information 6, 
7, 8, 9, 10 is broadcasted. The information 6, 7, 8, 9, 10 
25 comprises partly the TV channels and TV programmes 6 to be 

broadcasted via the distribution network 4, partly radio and 
other audio information (for example the sound of the TV 
programmes) 7, partly for example games and other information 
8 such as for example betting information, teletext and 

3 0 subtitling, and partly control information 9, 10, which will 

be described in detail below. 
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Each provider of pay-TV services has its own pay-TV system and 
in order to enable coexistance of several pay-TV systems in 
one and the same distribution network a standard called 
SimulCrypt has been developed in order to enable control 
5 information from several service providers to be broadcasted 
over the same distribution network. 

A first control information 9 consists in control word 
messages, ECM messages (Entitlement Control Message) 9, 
generated in a ECM message injector 11. The ECM messages 9 

10 include information (keys for example) in order to enable 

decrypting of different broadcasts (TV channels for example) . 
A certain ECM message 9 can be broadcast often, for example 
several times each second, in order to be immediately 
available to a new viewer. A security module 12 in the STB 3 

15 reads the ECM messages 9 together with the EMM messages 10 in 
order to receive authorisation' and keys to decrypt the 
different broadcasts. The security module 12 may constitute an 
integrated part of the STB 3 or constitute a separate module 
to be inserted into the STB 3. The identity of the user is 

20 stored on a smart card, a CA card, that, the user today has to 
receive in some way from an operator and insert into the STB 
3, and that is connected to the security module 12 via a card 
reader. Authorisation information used in a specific STB 3 is 
received from one or more EMM messages 10 (Entitlement 

25 Management Message) constituting the second control 
information 10 and thus used in order to convey the 
authorities of the user to the STB. The EMM messages 10 are 
generated by an EMM injector 13 and contain information about 
a receiver's identity and which services the receiver should 

3 0 decrypt. The security module 12 in the STB 3 reads the EMM 

messages 10 in order to know what the STB 3 should decrypt and 
make available for the user, and then uses the ECM messages 9 
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as decrypting keys in order to be able to decrypt the chosen 
services . 

The authorities that a user should have, i.e. which EMM 
messages 10 should be sent to a user's STB 3 is controlled by 
a subscriber Authorisation System, SAS 14, which is a system 
acting on commands from an subscriber Management System, SMS 
15. The SMS 15 is a system managing user information and 
sending requests for activation of services to the SAS 14 that 
translates the information from the SMS 15 to EMM messages 10 
and sees to it that the security module 12 at the user's 
premises receives correct authorisation in order for correct 
service to be decoded. The SMS 15 is more or less unique to 
each service provider and can be designed such that it is an 
operator that manually enters which users should have which- 
services . . 

As has been described earlier, the handling of CA cards 16 
constitutes a large cost for a digital TV operator. In 
accordance with the present invention this card is eliminated, 
which will now be described in detail with reference to fig. 
2 . 

Instead of having a digital TV operator providing a physical 
CA card 16 to each user, said digital TV operator has a 
special system node in the system, a VCD injector (Virtual 
Conditional Access Download) 17, the task of which is to 
create virtual CA cards. These virtual CA cards contain the 
same information and functions that are stored on the physical 
CA cards of today. When a new user is added a new virtual CA 
card is created and put in a so called carrousel, being a 
circular list containing items, into which the program codes 
for the different virtual CA cards are entered. The items 
remain in the list during a predetermined time period before 
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they are removed. This time period should correspond to the 
time period needed for a STB 3 to be able to download the 
virtual CA card. 

As mentioned above, it is not important for the invention 
which CA system that is used, the important part of the 
invention consists in the VCD injector 17, the main task of 
which being to generate the virtual CA cards. This unit may 
easily be adapted to different systems. 

When the new user for the first time wishes to use his/her STB 
3, it has to be initiated, which, is done by downloading the 
virtual CA card to the. user's STB 3. The downloading of the 
virtual CA card is performed by means of an extra data stream 
18, here called a VCD .data stream 18 (Virtual Conditional 
Access Download) , transmitted over a distribution network to 
the user together with other information that the operator 
broadcasts. This VCD data stream 18 contains all the functions 
that the conventional CA cards of today' contain, among other 
things, an identification of the user. 

Information broadcast by a digital TV operator is received by 
a large number of STBs. A function in the STB 3 determines 
whether the received information is to be decoded or not, i.e. 
whether the user has authorization to access certain 
information, as was explained above. A certain STB 3 listens 
to the information stream, now also containing the extra VCD 
data stream 18, and receives the virtual CA card intended for 
that specific STB 3 . The received virtual card is stored in a 
memory 19 in the STB 3, and comprises preferably a flash 
memory. The advantage with having a flash memory is that the 
virtual CA card remains in the memory even if the STB 3 is 
turned off. An alternative is to use an ordinary RAM memory, 
but then it is required that the virtual CA card is downloaded 
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each time the STB 3 is turned on, which can be perceived as 
time-consuming by a user. 

In order for a VCD data stream 18 not to be intercepted and 
downloaded by an unauthorised user, it can be protected in 
different ways. One way to make it more difficult for a 
potential eavesdropper is to encrypt the information, whereby 
the key being generated for encrypting and decrypting, for 
example, may be based on the identity number of the STB 3 and 
the identity of the user. There is a number of ways to encrypt 
information, and the choice of encrypting algorithm is not 
essential for the invention and is thus not described further 
herein. 

A" user may also enter a code to his/her STB 3 in order to 
further enhance the security. 

In accordance with a preferred embodiment the user terminal 
includes an unique identity. The processor in a STB 3 has for 
example its own serial number, which serial number may be used 
as the unique identity of the STB 3. The hardware has in other 
words a unique identity. The extra VCD data stream 18 then 
includes also this unique identity. Thereby the virtual card 
intended for a certain user may only be downloaded to that 
particular user terminal. This provides a secure way to convey 
the virtual card, and fraud by means of downloading to 
unauthorized user terminals is made more difficult or avoided 
entirely. 

In accordance with an embodiment, shown in Fig. 3, a user 
wishing to download a virtual card to an optional STB 3, may 
do this through his/her mobile terminal. By utilizing a 
special server device 20, described in the pending patent 
application in Sweden (0103546-8, filed 2001-10-24, to the • 
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same applicant) , a user is able to create a temporary 
connection between his/her mobile terminal and an optional STB 
3 in the system 1. In accordance with the present invention 
the server device 2 0 is used in order to enable a user to 
5 download a virtual CA card by means of his/her mobile phone. 
This server device 2 0 has the task of opening a parallel way 
in order to create EMM messages 10 through the SAS 14 and with 
the aid of the VCD 17 create virtual CA cards to a certain STB 
3, which all in all gives authorization to this STB 3 to 

10 decode a certain service (for example a TV channel) . This 

authorisation may be temporary, an EMM message may for example 
be valid for only one service (a TV programme for example) . 
The server device also handles the debiting of these' services . 
A user wishing to download a virtual CA card in order to 

15 thereafter be able to order a service contacts the server 

device 2 0 via his/her mobile terminal and is identified via 
the mobile communication network. This identification includes 
for example that the user first identifies himself through a 
PIN code towards his SIM card (Subscriber Identity Module) 

20 when activating the mobile terminal, after which the SIM card 
is identified in the mobile communication network via the IMSI 
number (International Mobile Subscriber Identity) of the SIM 
card. In this way the mobile communication network know who 
the user is, and an unique user identity, for example in the 

25 form of the phone number of the user, is sent together with 
the set up request to the server device 20, which then uses 
the information as an identification and debiting basis. 

When the user has established contact with the server device 
20, the user states that he/she wishes to receive a virtual CA 
3 0 card and further an identity of the STB 3 to which the user 
wishes to have the virtual CA card delivered. Thereafter the 
server device 2 0 sends information to the VCD 17 about the 
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user and which STB 3 is to receive the virtual card. 
Furthermore, the server device 2 0 may send a code to the VCD 
17/ which code in such case is suitably also sent to the user 
over the mobile communication network. The VCD 17 translates 
the information from the server device 2 0 into a virtual card 
and sends an encrypted VCD data stream 18 received by the 
intended STB 3, as was explained above. The code that the user 
receives over the mobile communication network is entered into 
the STB 3 by the user (for example via a remote control) and 
is checked against the code received by the STB 3 from the VCD 
injector 17. When these correspond to each other, the virtual 
CA card may be decrypted and thereby the STB 3 may begin to 
decrypt CA protected services. In this way a particularly 
secure method for transferring the virtual CA card is 
provided. 

It is of course possible to order the virtual card in some 
other way, for example by means of a phone call to the 
operator or by letter. 





WO 03/069911 



PCT/SE02/02296 



13 



Claims 



1. A method for granting access to a system (1) in which 
different services are distributed over a distribution network 
(4) and in which a user terminal (3) is used to decode these 
5 services, characterised in that access is granted to said user 
terminal (3) by means of a virtual card, which card is 
downloaded over the distribution network (4) by means of an 
extra data stream (18) from a system unit (17) and is received 
by said user terminal (3) . 

10 2. Method as claimed in claim 1, characterised in that the 
data stream (18) downloading the virtual card transfers a 
unique user identity. 

3. Method as claimed in claim 1 or 2, characterised in that 
the data stream (18) downloading the virtual card transfers 
15 the same functions as contained in a conventional CA card 



4. Method as claimed in any of the preceding claims, 
characterised in that the virtual card is stored in a memory 
(19) in the user terminal (3) . 

2 0 5. Method as claimed in claim 4, characterised in that said 
storage is effected in a flash memory. 

6. Method as claimed in claim 4, characterised in that said 
storage s effected in a RAM memory. 

7. Method as claimed in any of the preceding claims, 

25 characterised in that said downloading of the virtual card 
includes means for secured transfer. 



(16) . 
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8. Method as claimed in claim 7, characterised in that said 
means comprises encrypting. 

9. Method as claimed in claim 7 or 8, characterised in that 
said means comprises having a user enter a code into the user 

5 terminal (3) before said virtual card may be received. 

10. Method as claimed in any of the preceding claims, 
characterised in that said system unit is a VCD injector (17) , 
the main task of which is to generate virtual cards. 

11. Method as claimed in any of the preceding claims, 

10 characterised in that the user terminal (3) is a set-top-box 
(3). 

12. Method as claimed in any of the preceding claims, 
characterised in that the distribution network (4) is a 
digital TV network. 

15 13.. Method as claimed in any of the preceding claims, 

characterised in that said services comprises at least one of 
the following: TV channels, TV programmes, movies or games. 

14. Method as claimed in any of the preceding claims, 
characterised in that said downloading is ordered by a user by 

20 means of the user's mobile terminal, wherein a server device 
(20) connected to a mobile communication network sends an 
order to said server unit (17) to create a virtual card and 
send it to the user. 

15. Method as claimed in any of the preceding claims, 
25 characterised in that said extra data stream includes a 

identity unique for said user terminal, by means of which said 
virtual card can only be downloaded to this user terminal. 
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16. A system distributing different services over a 
distribution network (4) and in which a user terminal (3) is 



used in order to decode these services characterised in that 
the system includes means for granting access to said system 
5 for said user terminal (3) by means of a virtual card, and 

means for downloading the virtual card over the distribution 
network (4) by means of an extra data stream (18) from a 
system unit (17) for reception by said user terminal (3) . 

17. System as claimed in claim 16, characterised in that the 
10 system unit arranged to download the virtual card by means of 

the data stream (18) transfers a' unique user identity. 

18. System as claimed in claim 16 or 17, characterised in that 
the system unit (17) arranged to download the virtual card by 
means of the data stream (18) transfers- the same functions as 

15 contained in a conventional CA card (16) . 

19. System as claimed in any of claims 16-18, characterised in 
that the system includes a memory (19) in the user terminal 
(3) in which the virtual card is stored. 

20. System as claimed in claim 19, characterised in that said 
2 0 memory is a flash memory. 

21. System as claimed in claim 19, characterised in that said 
memory is a RAM memory. 

22. System as claimed in any of claims 16-21, characterised in 
that said means for downloading of the virtual card includes 

25 means for secured transfer. 



23. System as claimed in claim 22, characterised in that said 
means for secured transfer comprises encrypting apparatus. 
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24. System as claimed in any of claims 16-23, characterised in 
that said system unit is a VCD injector (17) , the main task of 
which is to generate virtual CA cards. 

25. System as claimed in any of claims 16-24, characterised in 
that the user terminal (3) is a set-top-box (3) . 

26. System as claimed in any of claims 16-25, characterised in 
that the distribution network (4) is a digital TV network. 

27. System as claimed in any of claims 16-26, characterised in 
that said services comprises at least one of the following: TV 
channels, TV programmes, movies or games. 

28. ' System as claimed in any of claims 16-27, characterised in 
that said user terminal has a unique identity and that said 
extra data stream includes this unique identity, by means of 
which said virtual card can only be downloaded to this user 
terminal . 
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